Index: apps/codecs/libffmpegFLAC/decoder.c =================================================================== --- apps/codecs/libffmpegFLAC/decoder.c (revision 29613) +++ apps/codecs/libffmpegFLAC/decoder.c (working copy) @@ -48,6 +48,15 @@ #include "arm.h" #endif +int calc_power(int base, int exponent) +{ + int k,result; + result = 1; + for(k=0 ; kgb, s->curr_bps); + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } } if (decode_residuals(s, decoded, pred_order) < 0) @@ -200,19 +213,43 @@ break; case 1: for (i = pred_order; i < blocksize; i++) + { decoded[i] = a += decoded[i]; + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } + } break; case 2: for (i = pred_order; i < blocksize; i++) + { decoded[i] = a += b += decoded[i]; + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } + } break; case 3: for (i = pred_order; i < blocksize; i++) + { decoded[i] = a += b += c += decoded[i]; + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } + } break; case 4: for (i = pred_order; i < blocksize; i++) + { decoded[i] = a += b += c += d += decoded[i]; + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } + } break; default: return -5; @@ -233,8 +270,13 @@ for (i = 0; i < pred_order; i++) { decoded[i] = get_sbits(&s->gb, s->curr_bps); - } - + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } + //fprintf(stderr,"invalid data stored in Subframe\n"); + } + coeff_prec = get_bits(&s->gb, 4) + 1; if (coeff_prec == 16) { 
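Review bot: `calc_power` returns `int` and is called as `calc_power(2,(int)s->bps)`, so if `s->bps` can reach 31 or 32 the repeated multiply overflows a signed int, which is undefined behaviour, and the range test built on it stops meaning anything. FLAC's STREAMINFO allows up to 32 bits per sample; whether this decoder rejects that earlier is not visible here. The helper is also evaluated twice per sample inside every decode loop, which is wasted work on the small targets this codec is built for. Compute the limit once per subframe in a 64-bit type instead, e.g. `const int64_t limit = (int64_t)1 << s->bps;`, and make any remaining file-local helper `static`. The body of `calc_power` is cut short on this page, so its loop bound could not be checked.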
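Review bot: The bound in the `case 1:` to `case 4:` loops is derived from `s->bps`, but samples in a subframe are `s->curr_bps` wide, and `decode_subframe` raises `curr_bps` to `bps + 1` for side channels. As written, `decoded[i]<=-calc_power(2,(int)s->bps)` rejects -2^bps, which is a legal minimum for a side channel, while for every other channel the accepted window is twice the valid range and lets out-of-range predictions through. A width-correct test would be `if (decoded[i] < -lim || decoded[i] >= lim) return -10;` with `lim = (int64_t)1 << (s->curr_bps - 1)`. The same expression is repeated in the warm-up loops, the LPC loops and the constant/verbatim branches. The enclosing function starts and ends outside this hunk.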
@@ -252,19 +294,18 @@ { coeffs[i] = get_sbits(&s->gb, coeff_prec); } - + if (decode_residuals(s, decoded, pred_order) < 0) return -8; - - if ((s->bps + coeff_prec + av_log2(pred_order)) <= 32) { + + if ((s->bps + coeff_prec + av_log2(pred_order)) <= 32) + { #if defined(CPU_COLDFIRE) (void)sum; - lpc_decode_emac(s->blocksize - pred_order, qlevel, pred_order, - decoded + pred_order, coeffs); + lpc_decode_emac(s->blocksize - pred_order, qlevel, pred_order, decoded + pred_order, coeffs); #elif defined(CPU_ARM) (void)sum; - lpc_decode_arm(s->blocksize - pred_order, qlevel, pred_order, - decoded + pred_order, coeffs); + lpc_decode_arm(s->blocksize - pred_order, qlevel, pred_order, decoded + pred_order, coeffs); #else for (i = pred_order; i < s->blocksize; i++) { @@ -272,14 +313,19 @@ for (j = 0; j < pred_order; j++) sum += coeffs[j] * decoded[i-j-1]; decoded[i] += sum >> qlevel; + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } } #endif - } else { + } + else + { #if defined(CPU_COLDFIRE) (void)wsum; (void)j; - lpc_decode_emac_wide(s->blocksize - pred_order, qlevel, pred_order, - decoded + pred_order, coeffs); + lpc_decode_emac_wide(s->blocksize - pred_order, qlevel, pred_order, decoded + pred_order, coeffs); #else for (i = pred_order; i < s->blocksize; i++) { @@ -287,6 +333,10 @@ for (j = 0; j < pred_order; j++) wsum += (int64_t)coeffs[j] * (int64_t)decoded[i-j-1]; decoded[i] += wsum >> qlevel; + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } } #endif } @@ -300,10 +350,14 @@ int i, tmp; s->curr_bps = s->bps; - if(channel == 0){ + // printf("BPS=%d\n",s->bps); + if(channel == 0) + { if(s->decorrelation == RIGHT_SIDE) s->curr_bps++; - }else{ + } + else + { if(s->decorrelation == LEFT_SIDE || s->decorrelation == MID_SIDE) s->curr_bps++; } 
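Review bot: The range test in the two LPC loops exists only in the generic C `#else` branches; builds with `CPU_COLDFIRE` or `CPU_ARM` go through `lpc_decode_emac`, `lpc_decode_arm` or `lpc_decode_emac_wide` and leave the function with no check on the predicted samples. If the test is meant as input hardening it should not depend on the build target, so drop the in-loop tests and validate the predicted range once after the `#if`/`#endif` blocks, as sketched below. The end of the function lies outside both hunks, so the exact placement is an assumption.

```c
    /* ... unchanged: both LPC branches, without the per-sample tests ... */

    /* Validate predicted samples on every target, including the asm paths.
     * Samples in this subframe are curr_bps wide (bps + 1 on side channels). */
    const int64_t lim = (int64_t)1 << (s->curr_bps - 1);
    for (i = pred_order; i < s->blocksize; i++)
    {
        if (decoded[i] < -lim || decoded[i] >= lim)
            return -10;
    }
```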
@@ -314,16 +368,7 @@ return -9; } type = get_bits(&s->gb, 6); -// wasted = get_bits1(&s->gb); - -// if (wasted) -// { -// while (!get_bits1(&s->gb)) -// wasted++; -// if (wasted) -// wasted++; -// s->curr_bps -= wasted; -// } + #if 0 wasted= 16 - av_log2(show_bits(&s->gb, 17)); skip_bits(&s->gb, wasted+1); @@ -338,19 +383,32 @@ //fprintf(stderr,"%d wasted bits\n", wasted); } #endif + //FIXME use av_log2 for types if (type == 0) { //fprintf(stderr,"coding type: constant\n"); tmp = get_sbits(&s->gb, s->curr_bps); for (i = 0; i < s->blocksize; i++) + { decoded[i] = tmp; + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } + } } else if (type == 1) { //fprintf(stderr,"coding type: verbatim\n"); for (i = 0; i < s->blocksize; i++) + { decoded[i] = get_sbits(&s->gb, s->curr_bps); + if(decoded[i]>=calc_power(2,(int)s->bps) || decoded[i]<=-calc_power(2,(int)s->bps)) + { + return -10; + } + } } else if ((type >= 8) && (type <= 12)) { @@ -428,7 +486,8 @@ /* samplenumber actually contains the frame number for streams with a constant block size - so we multiply by blocksize to get the actual sample number */ - if (s->min_blocksize == s->max_blocksize) { + if (s->min_blocksize == s->max_blocksize) + { s->samplenumber*=s->min_blocksize; } @@ -448,13 +507,16 @@ else blocksize = blocksize_table[blocksize_code]; - if(blocksize > s->max_blocksize){ + if(blocksize > s->max_blocksize) + { return -16; } - if (sample_rate_code == 0){ + if (sample_rate_code == 0) + { samplerate= s->samplerate; - }else if ((sample_rate_code < 12)) + } + else if ((sample_rate_code < 12)) samplerate = sample_rate_table[sample_rate_code]; else if (sample_rate_code == 12) samplerate = get_bits(&s->gb, 8) * 1000; @@ -467,8 +529,9 @@ } skip_bits(&s->gb, 8); - crc8= get_crc8(s->gb.buffer, get_bits_count(&s->gb)/8); - if(crc8){ + crc8 = get_crc8(s->gb.buffer, get_bits_count(&s->gb)/8); + if(crc8) + { return -18; } 
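Review bot: In the `type == 0` and `type == 1` branches the tested value comes straight from `get_sbits(&s->gb, s->curr_bps)`, so the added test cannot catch malformed input there, assuming `get_sbits` sign-extends an n-bit field and the value is therefore already confined to `curr_bps` bits. The warm-up loops that read with `get_sbits` are in the same position. In the constant branch the same `tmp` is also re-tested on each of the `s->blocksize` iterations after it has been stored. If a test is kept, run it once on `tmp` before the loop, e.g. `if (tmp < -lim || tmp >= lim) return -10;`, with `lim` computed once for the subframe.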
@@ -484,7 +547,8 @@ yield(); - if (s->channels==2) { + if (s->channels==2) + { if ((res=decode_subframe(s, 1, decoded1)) < 0) return res-200; } @@ -512,11 +576,13 @@ init_get_bits(&s->gb, buf, buf_size*8); tmp = get_bits(&s->gb, 16); - if ((tmp & 0xFFFE) != 0xFFF8){ + if ((tmp & 0xFFFE) != 0xFFF8) + { return -41; } - if ((framesize=decode_frame(s,decoded0,decoded1,yield)) < 0){ + if ((framesize=decode_frame(s,decoded0,decoded1,yield)) < 0) + { s->bitstream_size=0; s->bitstream_index=0; return framesize; @@ -528,7 +594,8 @@ switch(s->decorrelation) { case INDEPENDENT: - if (s->channels==1) {; + if (s->channels==1) + { for (i = 0; i < s->blocksize; i++) { decoded0[i] = decoded0[i] << scale; @@ -582,6 +649,6 @@ } s->framesize = (get_bits_count(&s->gb)+7)>>3; - + return 0; }